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TITLE OF THE INVENTION 
INFORMATION APPARATUS AND TRANSACTION CONTROL METHOD 
CROSS-REFERENCE TO RELATED APPLICATIONS 
This application is based upon and claims the 
5 benefit of priority from prior Japanese Patent 

Application No. 2003-095673, filed March 31, 2003, 
the entire contents of which are incorporated herein 
by reference. 

BACKGROUND OF THE INVENTION 
10 1. Field of the Invention 

The present invention relates to an information 
apparatus with a general-purpose bus for transferring 
a transaction, and a transaction control method. 
2. Description of the Related Art 
15 Information apparatuses, such as personal 

computers, contain a general-purpose bus, such as 
a peripheral component interconnect (PCI) bus. Various 
devices, such as a storage device and display device, 
are connected to the general-purpose bus, and content 
20 data (hereinafter referred to simply as "data") is 

transmitted between the devices. 

Data transferred via a general-purpose bus 
includes data to be protected in view of copyright. 
During transfer of data on a general-purpose bus, 
25 there is a danger of illegal acquisition of data to be 

protected at an access point (e.g., a PCI slot) from 
outside the bus. To avoid this, data is generally 



encrypted before it is transferred from a device to a 
general-purpose bus. The encrypted data is decrypted 
after it is transferred through the bus and before it 
is input to a destination device. 

However, providing all devices connected to 
a general-purpose bus with hardware or software 
for encryption or decryption inevitably increases 
the cost. Further, realization of reliable encryption 
or decryption requires considerable development cost 
and time. In light of this, there is a demand for 
a technique for realizing safe transfer of data to 
a general-purpose bus without encrypting the data, 
and preventing data from reaching the outside through 
the above-mentioned access point. 

U.S. Patent No. 6,311,255 discloses a technique 
for preventing the protected area of a memory in a 
device from being illegally accessed through an adaptor 
on a PCI bus. In this technique, whether a request for 
access to a target should be allowed is determined by 
checking the ID of the requester and the address of the 
target . 

This technique may protect the target from illegal 
access through a general-purpose bus, such as a PCI 
bus; however, once data to be protected, which is not 
encrypted, reaches the above-mentioned access point, 
it may easily reach the outside even if there is no 
illegal access. 
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BRIEF SUMMARY OF THE INVENTION 
Embodiments of the present invention may provide 
an information apparatus capable of safely transferring 
data to be protected even if the data is not encrypted 
5 when transmitting it to a general-purpose bus, and 

an information processing method for achieving such 
safe transfer. 

According to one aspect of the present invention, 
there is provided an information apparatus, comprising 

10 a first bus which transfers a non-encrypted transaction 

containing an address; a second bus connected to 
an outside of the information apparatus; and a bridge 
circuit connected between the first and second buses, 
the bridge circuit including a first controller 

15 which determines whether an address contained in the 

non-encrypted transaction transferred through the first 
bus falls within a first particular address range, and 
which prevents the non-encrypted transaction from being 
transmitted to the second bus, if the address falls 

20 within the first particular address range. 

According to another aspect of the present 
invention, there is provided a transaction control 
method applied to an information apparatus, comprising 
receiving a non-encrypted transaction transferred 

25 through a first bus, the non-encrypted transaction 

containing an address; extracting the address from 
the received transaction; and determining whether the 
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extracted address falls within a particular address 
range, and preventing the transaction from being 
transmitted to a second bus connected to an outside of 
the information apparatus, if the extracted address 
5 falls within the particular address range. 

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING 
The accompanying drawings, which are incorporated 
in and constitute a part of the specification, 
illustrate embodiments of the invention, and together 
10 with the general description given above and the 

detailed description of the embodiments given below, 
serve to explain the principles of the invention. 

FIG. 1 is a block diagram illustrating the 
configuration of an information apparatus according to 
15 an embodiment of the invention; 

FIG. 2 is a block diagram illustrating 
a configuration example of a bridge circuit; 

FIG. 3 shows an information apparatus according to 
a modification of the embodiment of FIG. 1; 
20 FIG. 4 shows a modification of the bridge circuit 

of FIG. 2; 

FIG. 5 is a flowchart useful in explaining 
an operation example of the entire information 
apparatus related to transfer processing; and 
25 FIG. 6 is a flowchart illustrating an operation 

example of the bride circuit. 



DETAILED DESCRIPTION OF THE INVENTION 
Embodiments of the present invention will be 
described below with reference to the drawings. 

FIG. 1 is a block diagram illustrating the 
configuration of an information apparatus according to 
an embodiment of the invention. 

The information apparatus shown in FIG. 1 is, 
for example, a personal computer (PC) , which includes 
a system memory 1, microprocessor unit (MPU) 2, north 
bridge 3, south bridge 4, first PCI bus 5, digital 
general-purpose disk (DVD) drive 6, display unit 7 , PCI 
slot 8, second PCI bus 9, bridge circuit 10, input unit 
11, etc. 

The system memory 1 holds various types of data 
processed by the MPU 2, and is used as a work area for 
the MPU 2. In the example of FIG. 1, the address space 
(0x20000000 to 0x50000000) as a part of the address 
space (0x00000000 to OxFFFFFFFF) of the system memory 
1, which contains a series of address numbers, is 
assigned in advance to an area la used for processing 
data to be protected. 

The MPU 2 controls the entire information 
apparatus. When a request to process data (for 
example, a request to reproduce video data) is input 
through, for example, the input unit 11, the MPU 2 
reads the data from a device connected to the first 
PCI bus 5 and develops it on the system memory 1. 
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Further, the MPU 2 transmits, to the first PCI bus 5, 
a transaction that includes the data developed on the 
system memory 1, the corresponding address, the type of 
request, etc., in order to send it to a destination 
5 device in which the data is reproduced. 

The north bridge 3 has various controllers for 
performing bridge processing between the MPU 2 and 
south bridge 4, control of the system memory 1, etc. 

The south bridge 4 is connected to the north 
10 bridge 3 and first PCI bus 5, and has a controller 

for processing signals input through the input unit 11, 
and a controller for controlling various PCI devices 
connected to the first PCI bus 5. 

The first PCI bus 5 is a general-purpose bus, 
15 and is used to transfer a transaction that is not 

encrypted. The first PCI bus 5 is connected to the 
south bridge 4 and bridge circuit 10. 

The DVD drive 6 is a PCI device connected to the 
first PCI bus 5. Each DVD in the DVD drive 6 stores 
20 encrypted video data. When video data is read from 

each DVD, a decryption section 6a decrypts the data 
and transmits it to the PCI bus 5. In the embodiment, 
assume that the MPU 2 uses the area la of the system 
memory 1 to process the data read from a DVD in the DVD 
25 drive 6. 

The display unit 7 is another PCI device connected 
to the first PCI bus 5. The display unit 7 receives 



a transaction transmitted through the first PCI bus 5, 
and displays data contained therein. 

The PCI slot 8 has a detachable external device 
(such as a communication controller) 8a, and is 
connected to the second PCI bus 9. The PCI slot 8 is 
an access point at which a transaction on the second 
PCI bus 9 can be accessed by the external device. 

The second PCI bus 9 is another general-purpose 
bus having the same structure as the first PCI bus 5, 
and is interposed between the bridge circuit 10 and PCI 
slot 8. 

The bridge circuit 10 is connected between the 
first and second PCI buses 5 and 9. The bridge circuit 
10 determines whether, for example, the address 
contained in the transaction transferred through the 
first PCI bus 5 falls within a particular address range 
(which is identical to, for example, an address space 
of 0x20000000 to 0x50000000 in the system memory 1) . 
If the circuit 10 determines that the address falls 
within the range, it does not transmit the transaction 
to the second PCI bus 9. If, on the other hand, the 
address does not fall within the range, the transaction 
is transmitted to the second PCI bus 9. 

Further, the bridge circuit 10 determines whether 
the address contained in the transaction transferred 
through the second PCI bus 9 falls within a predeter- 
mined address range (which is identical to, for 



- 8 - 

example, the address space of 0x20000000 to 0x50000000 
in the system memory 1) . If the circuit 10 determines 
that the address falls within the range, it does not 
transmit the transaction to the first PCI bus 5. 
5 If, on the other hand, the address does not fall within 

the range, the transaction is transmitted to the first 
PCI bus 5. 

The input unit 11, which includes a mouse and 
keyboard, is used by users to make various requests for 

10 data processing. 

FIG. 2 is a block diagram illustrating a 
configuration example of the bridge circuit 10. 

The bridge circuit 10 includes transmission/ 
reception sections 21 and 22 and controllers 30 and 40. 

15 The controller 30 includes a particular address 

storage 31, address register 32, comparator 33, and 
process determination section 34. Similarly, the 
controller 40 includes a particular address storage 41, 
address register 42, comparator 43, and process 

20 determination section 44. 

Upon receiving a transaction transferred through 
the first PCI bus 5, the transmission/reception section 
21 transmits the transaction to the process determina- 
tion section 44 of the controller 40. Further, the 

25 section 21 extracts an address from the transaction and 

transmits the address to the address register 42 of the 
controller 40. 
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The particular address storage 41 prestores a 
particular address range (which is identical to, for 
example, the address space of 0x20000000 to 0x50000000 
in the system memory 1) . The comparator 43 compares 
5 the address stored in the particular address storage 

41 with that stored in the address register 42, and 
outputs the comparison result indicating whether they 
are identical. From the comparison result, the process 
determination section 44 determines whether the address 

10 in the address register 42 falls within the particular 

address range. If the address does not fall within the 
range, the process determination section 44 determines 
that the transaction should be transmitted to the 
second PCI bus 9, and transfers the transaction to the 

15 transmission/reception section 22. On the other hand, 

the address falls within the particular address range, 
the transaction is revoked. 

Upon receiving a transaction transferred through 
the second PCI bus 9, the transmission/reception 

20 section 22 transmits the transaction to the process 

determination section 34 of the controller 30. 
Further, the section 22 extracts an address from the 
transaction and transmits the address to the address 
register 32 of the controller 30. 

25 The particular address storage 31 prestores a 

particular address range (which is identical to, for 
example, the address space of 0x20000000 to 0x50000000 



in the system memory 1). The comparator 33 compares 
the address stored in the particular address storage 31 
with that stored in the address register 32, and 
outputs the comparison result indicating whether they 
are identical. From the comparison result, the process 
determination section 34 determines whether the address 
in the address register 32 falls within the particular 
address range. If the address does not fall within the 
range, the process determination section 34 determines 
that the transaction should be transmitted to the first 
PCI bus 5, and transfers the transaction to the 
transmission/reception section 21. On the other hand, 
the address falls within the particular address range, 
the transaction is revoked. 

FIG. 3 shows a modification of the information 
apparatus of FIG. 1. In FIGS. 1 and 3, like reference 
numerals denote like elements. 

Although in the example of FIG. 1, there is 
one area used to process data to be protected, the 
invention is not limited to this. Instead, two areas 
lb and lc, for example, may be employed to process data 
to be protected, as shown in FIG. 3. 

When the configuration of FIG. 3 is employed, 
it is sufficient if the configuration of the bridge 
circuit 10 shown in FIG. 2 is modified into the 
configuration shown in FIG. 4. The configuration of 
FIG. 4 will now be described. 
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A particular address storage 41a prestores a 
particular address range (which is identical to, for 
example, an address space of 0x10000000 to 0x20000000 
in the system memory 1) . Similarly, a particular 
5 address storage 41b prestores a particular address 

range (which is identical to, for example, an address 
space of 0x50000000 to OxFFFFFFFF in the system 
memory 1 ) . 

A comparator 43a compares the address stored in 

10 the particular address storage 41a with that stored in 

the address register 42, and outputs the comparison 
result indicating whether they are identical. 
Similarly, a comparator 43b compares the address stored 
in the particular address storage 41b with that stored 

15 in the address register 42, and outputs the comparison 

result indicating whether they are identical. 

From the comparison results, the process 
determination section 44 determines whether the address 
in the address register 42 falls within the particular 

20 address ranges. If the address does not fall within 

the ranges, the process determination section 44 
determines that the transaction should be transmitted 
to the second PCI bus 9, and transfers the transaction 
to the transmission/reception section 22. On the other 

25 hand, if the address falls within the particular 

address ranges, the transaction is revoked. 

Since elements 31 to 34 in the controller 30 have 



the same functions as the above-described elements 41 
to 44, no description is given thereof. 

Referring to the flowchart of FIG. 5, a 
description will be given of the operation of the 
information apparatus constructed as shown in FIG. 1 
that is related to transfer processing. 

Upon receiving a request to reproduce a DVD, the 
south bridge 4 instructs the MPU 2 to display, on the 
display unit 7, data stored in the DVD in the DVD drive 
6 (step Al) . 

The MPU 2 reads data from the DVD in the DVD drive 
6 (step A2) . The read data is not encrypted when it is 
transferred through the first PCI bus 5. The MPU 2 
transfers the read data to a predetermined address 
space (e.g., the address space of 0x20000000 to 
0x50000000) (step A3) . 

After that, the MPU 2 performs necessary 
processing on the data on the system memory 1, and 
then transfers it as a transaction to the display 
unit 7 (step A4 ) . The transaction is not encrypted 
when it is transferred through the first PCI bus 5. 
The transaction is simultaneously transferred to the 
display unit 7 and bridge circuit 10 via the first PCI 
bus 5 (step A5) . 

Upon detecting the transaction transferred through 
the first PCI bus 5, the bridge circuit 10 processes it 
(step A6) . Specifically, the bridge circuit 10 passes 
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the transaction therethrough to the second PCI bus 9, 
or revokes it. 

Referring to the flowchart of FIG. 6, the 
operation of the bridge circuit 10 constructed as 
5 shown in FIG. 2 will be described. 

When, for example, a transaction is transferred 
to the bridge circuit 10 via the first PCI bus 5, 
the transmission/reception section 21 of the bridge 
circuit 10 receives the transaction (step Bl) . The 

10 transmission/reception section 21 detects an address 

from the received transaction (step B2). The detected 
address is sent to the address register 42 of the 
controller 40, while the transaction is sent to the 
process determination section 44. 

15 The comparator 43 of the controller 40 compares 

the address extracted from the address register 
with the particular address range prestored in 
the particular address storage 41 (step B3) . 
The comparison result is sent to the process 

20 determination section 44. 

The process determination section 44 determines 
whether the address falls within the particular address 
range (step B4). If it does not fall within the range 
(NO at the step B4), the section 44 transmits the 

25 transaction to the second PCI bus 9 (step B5) . If, on 

the other hand, it falls within the range (YES at the 
step B4), the section 44 prevents the transaction from 
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being transmitted to the second PCI bus 9 by revoking 
the transaction (step B6) . 

The above-described description mainly concerns 
the operation of the controller 40. The controller 40 
5 controls transactions transferred through the first PCI 

bus 5, while the controller 30 controls transactions 
transferred through the second PCI bus 9. Since the 
controller 30 operates in the same manner as the 
controller 40, no description is given of the operation 

10 of the controller 30. 

As described above, even if data (or transaction) , 
which is to be protected and is not encrypted, is 
transmitted to the first PCI bus, it can be protected, 
by the control of the bridge circuit 10, from reaching 

15 the outside through the second PCI bus. Further, 

even if a transaction related to data which is to be 
protected and is not encrypted is transmitted from 
outside through the second PCI bus, data to be 
protected can be prevented from being altered. 

20 Thus, the present invention can protect data to be 

protected from reaching the outside, and transfer the 
data safely, even if the data is not encrypted before 
it is transmitted to a general-purpose bus. 

Additional advantages and modifications will 

25 readily occur to those skilled in the art. Therefore, 

the invention in its broader aspects is not limited to 
the specific details and representative embodiments 
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shown and described herein. Accordingly, various 
modifications may be made without departing from the 
spirit or scope of the general inventive concept as 
defined by the appended claims and their equivalents. 



